<?php
/******************************************
 * Author: <YOUR NAME HERE>
 * Description: <YOUR DESCRIPTION HERE>
 ******************************************/
class Prognosis  extends CustomSecurity { 

	var $db; 
	var $authID;
	var $machID;
	var $progA;
	var $progB;
	var $progID;
	var $points;

	function Prognosis($db){ 
          $this->db = $db; 
    }

	/***********************************
 	 * Add:         Allows the insertion of values into the Table.
 	 * Parameters:  $authID, $machID, $progA, $progB, $progID, $points
 	 * Return:      (Boolean) True - Successfully Inserted | False - Error
 	 ************************************/
	function add($machID, $progA, $progB){ 

		escape_string($machID);
		escape_string($progA);
		escape_string($progB);
		
		date_default_timezone_set('Europe/Helsinki');		

		$mdate = $this->getMatchDate($machID, date("Y-m-d H:i:s"));
		if (count($mdate) == 0){
			return;
		}

		$statement = "INSERT INTO prognosis (authID, machID, progA, progB) VALUES ('".$_SESSION['user_id']."', '$machID', '$progA', '$progB');";
		$results   = $this->db->query($statement);

		if($results){
			return true;
		}else{
			return false;
		}

	}//End add()


//	/***********************************
// 	 * Remove:      Allows for the removal of record from the database.
// 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value
// 	 * Return:      (Boolean) True - Successfully Removed | False - Error
// 	 ************************************/
//	function remove($primaryKeyName, $primaryKeyValue){ 
//
//		//Custom SQL Injection Escaping HERE
//
//		$statement = "DELETE FROM prognosis WHERE $primaryKeyName = '$primaryKeyValue'";
//		$results   = $this->db->query($statement);
//		if($results){
//			return true;
//		}else{
//			return false;
//		}
//
//	}//End remove()


	/***********************************
 	 * Update:      Allows for the update of a record from the database.
 	 * Parameters:  (String)Primary Key Column Name | (Int) Primary Key Value | (String) Column Name To Update | (String) New Value
 	 * Return:      (Boolean) True - Successfully Updated | False - Error
 	 ************************************/
	function update($mId, $resA, $resB){ 

		escape_string($mId);
		escape_string($resA);
		escape_string($resB);
		date_default_timezone_set('Europe/Helsinki');		

		$mdate0 = $this->getMatchDate($mId, date("Y-m-d H:i:s"));
		$mdate = $mdate0[0]; 
//		pre_dump(count($mdate[0]));
		if (count($mdate[0]) == 0){
			return;
		}
		$statement = "UPDATE prognosis SET progA = $resA, progB = $resB WHERE  machID=$mId AND authID=".$_SESSION['user_id'];
//		pre_dump($statement);
		$results   = $this->db->query($statement);
		if($results){
			return true;
		}else{
			return false;
		}

	}//End update()
	
	function updateScores($id, $points){
		escape_string($id);
		escape_string($points);
	$statement = "UPDATE prognosis SET points = '$points' WHERE progID = '$id'";
	echo $statement;
		$results   = $this->db->query($statement);
		if($results){
			return true;
		}else{
			return false;
		}
	}
	
	function get($id){
		escape_string($id);
		$statement = "SELECT progA, progB FROM prognosis WHERE machID=$id AND authID=".$_SESSION['user_id'];
		$results   = $this->db->getAll($statement);

		return $results;
		
	}
	
	function getUserPrognosis($userid){
		escape_string($userid);
		date_default_timezone_set('Europe/Helsinki');		

		$mdate0 = date("Y-m-d H:i:s");
		
		$statement = "SELECT m.teamA, m.teamB, progA, progB, points FROM prognosis p INNER JOIN matches m ON p.machID = m.matchID WHERE '$mdate0' > date AND authID=".$userid;
		$results   = $this->db->getAll($statement);

		return $results;
		
	}
	
	function getMatchDate($id, $mdate){
		$statement = "SELECT date FROM matches WHERE matchID=$id AND date > '$mdate'";
		$results = $this->db->getAll($statement);

		return $results;
		
	}


	/***********************************
 	 * GetAll:       Returns all the records in the database.
 	 * Parameters:   NA
 	 * Return:      (MultiDimensional-Array)String
 	 ************************************/
	function getAll(){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT authID, machID, progA, progB, progID, points FROM prognosis";
		$results   = $this->db->getAll($statement);

		return $results;

	}//End getAll()
	
	function getMatches($id){ 

		escape_string($id);

		$statement = "SELECT progA, progB, progID FROM prognosis WHERE machID = $id";
		$results   = $this->db->getAll($statement);

		return $results;

	}
	
	function getAllMatches(){ 

		$statement = "SELECT progA, progB, progID FROM prognosis";
		$results   = $this->db->getAll($statement);

		return $results;

	}


	/***********************************
 	 * GetObject:   Returns a specific record form the batabase.
 	 * Parameters:  (Int) Primary Key Value
 	 * Return:      (Array)String
 	 ************************************/
	function getObject($primaryKeyName, $primaryKeyValue){ 

		//Custom SQL Injection Escaping HERE

		$statement = "SELECT authID, machID, progA, progB, progID, points FROM prognosis WHERE ".$primaryKeyName." = '".$primaryKeyValue."'";
		$results   = $this->db->getAll($statement);

		return $results;

	}//End getObject()
	
	function getPoints(){
		$statement = "SELECT SUM(points) FROM prognosis WHERE authID=".$_SESSION['user_id'];
		$results   = $this->db->getAll($statement);

		return $results;
	}
	
	function getPointsPerId($id){
		escape_string($id);
		$statement = "SELECT SUM(points) FROM prognosis WHERE authID=$id";
		$results   = $this->db->getAll($statement);

		return $results;
	}
	
	function calculatePlaces(){
		$statement = "SELECT SUM(points) FROM prognosis WHERE authID=".$_SESSION['user_id'];
		$results   = $this->db->getAll($statement);

		return $results;
		
	}


}//End Class Prognosis
?>